The point is this whole "issue" you're referring isn't ours. Chromium-derived browsers will of course start blocking downloads from HTTP sources, that's not an "if", that's a "when", after all the current versions already are chatty enough when you're in a HTTP-only website and Google will also push the boundary even further in June, when Chrome 68 hits stable channel (Mozilla and the others will do the same although I'm not aware if they already have set deadlines like Google). I'm pretty sure when this becomes mandatory 7-Zip and others would already have enabled HTTPS on their servers.
You're also acting as if the web browser were the only security barrier a PC would have, which is also not true. Since Windows 8 the OS has a built-in antivirus and even through it's basic it would certainly detect malware-injected executables, blocking them even before the download finishes. Even if you're in ancient Windows versions they would keep bugging you since the first boot to install a 3rd-party antivirus, which would also detect this kind of attack. This is also a non-existent issue on macOS and in a huge majority of Linux distros because they all ship with built-in applications that's capable of reading 7z format, so no download from HTTP-only website involved other than the Dolphin build, which comes in their platform-specific format instead of 7z and that's served through our HTTPS-enabled site anyways, so not really an issue on those OSes.
TL;DR it's not our fault that 7-Zip and others still have HTTP-only websites and there's nothing we can do. In the meantime your options are turning the paranoia mode off and downloading 7-Zip executable from it's HTTP-only website or just dealing with the couple of dubious shareware/ad-filled apps that can handle 7z (or at least claims to) and that you seem to judge more secure just because they're served through HTTPS (hint: the former option is way safer even considering the security implications)...
You're also acting as if the web browser were the only security barrier a PC would have, which is also not true. Since Windows 8 the OS has a built-in antivirus and even through it's basic it would certainly detect malware-injected executables, blocking them even before the download finishes. Even if you're in ancient Windows versions they would keep bugging you since the first boot to install a 3rd-party antivirus, which would also detect this kind of attack. This is also a non-existent issue on macOS and in a huge majority of Linux distros because they all ship with built-in applications that's capable of reading 7z format, so no download from HTTP-only website involved other than the Dolphin build, which comes in their platform-specific format instead of 7z and that's served through our HTTPS-enabled site anyways, so not really an issue on those OSes.
TL;DR it's not our fault that 7-Zip and others still have HTTP-only websites and there's nothing we can do. In the meantime your options are turning the paranoia mode off and downloading 7-Zip executable from it's HTTP-only website or just dealing with the couple of dubious shareware/ad-filled apps that can handle 7z (or at least claims to) and that you seem to judge more secure just because they're served through HTTPS (hint: the former option is way safer even considering the security implications)...
Avell A70 MOB: Core i7-11800H, GeForce RTX 3060, 16 GB DDR4-3200, Windows 11 (Insider Preview)
ASRock Z97M OC Formula: Pentium G3258, GeForce GT 440, 16 GB DDR3-1600, Windows 10 (22H2)
ASRock Z97M OC Formula: Pentium G3258, GeForce GT 440, 16 GB DDR3-1600, Windows 10 (22H2)